KnockKnock cyber-attack targets corporate Office 365 accounts

No data has apparently been stolen, but many businesses could be affected, Skyhigh warns,

Shares

A major new cyber-attack named as KnockKnock has been detected currently taking place against Office 365 Exchange Online email accounts, according to Skyhigh Networks.

The cloud security firm is reporting that more than half of its customers are being attacked from 16 different countries. The interesting thing about this attack is that it's not targeting humans or their 'human' accounts, but rather machines. Under attack are corporate accounts, not tied to any human identity, which thus lack the usual advanced security measures such as two-factor authentication or recurring password reset.

The attacks started in May and are still ongoing, although Skyhigh says the bulk of attack happened in the summer months between June and August. So far, 63 different networks and 83 IP addresses have been used for the attacks.

Skyhigh has notified the affected parties and said that no data loss has been spotted.

“Normally, login attacks follow the ‘brute force’ template with widespread attempts made simultaneously across hundreds of corporate accounts, but KnockKnock reveals that more precise tactics are being deployed,“ commented Nigel Hawthorn, chief European spokesperson at Skyhigh Networks.

“By intelligently targeting accounts not linked to users, the attempts are far less likely to be red flagged or noticed by security, particularly if only one or two attempts are made at any one time; three failed login attempts often sets of alarm bells – just think about what happens to your phone if you forget your pin.”

“Businesses rely on a variety of tools that work together to produce a holistic cloud infrastructure but these connections require the creation of accounts that aren’t linked to a specific user. If companies don’t fully understand how their infrastructure works, hacker entry into one system could have a domino effect. For example, if actors manage to force entry into email accounts which, in turn, are linked to CRM or accounting solutions, suddenly an even bigger pool of corporate and customer data is at risk.”

“To ensure such accounts are awarded the same attention as other network vulnerabilities, firms must not only be aware of which and how systems are linked, but have the ability to monitor long-term login and user activity, so that attacks like KnockKnock are flagged.”